Quantum Helix for AI

Quantum Helix (QHx) AI Identity is a responsive security platform that provides cryptographic identity and verifiable accountability for AI workloads operating on military networks.

Real-Time Trust Bound to Systems

Traditional security stacks are inherently reactive, with separate systems for cryptography, Identity and Access Management, network policy, and audit struggling to keep pace with execution. Sterling, Dell Technologies, and Messier 42 worked together to develop QHx AI Identity, a security platform that fundamentally transforms data security by embedding identity, policy, communication, and evidence directly into the runtime path.

This approach moves beyond treating the network as the sole system boundary, establishing end-to-end trust across complex, distributed infrastructures, organizations, and linked datasets. Trust is determined by verifying individual identities, locations, the individual’s connections, and retaining comprehensive evidence.

Workload Identities

Within the QHx framework, each running workload is provisioned with a cryptographic identity at initiation that is subject to perpetual rotation, thereby securing processes through the dynamic expiration of credentials.

Proven Hardware

By leveraging hardware attestation, QHx ensures that workload identities are cryptographically tied to the underlying hardware, thereby automatically preventing any compromised host or tampered binary from successfully presenting an identity.

Dynamic Policy

QHX dynamically controls access and release by evaluating the requestor’s identity, data’s releasability, and current runtime context. This integrated approach enables security policies to intelligently follow the data wherever it moves, transcending static network perimeters.

Known Origins

QHx utilizes mutually authenticated tunnels where attested workloads are carried unmodified between collaborating entities. By cryptographically signing the request, its response, and the initiating identity into a unified record, QHx provides irrefutable evidence, ensuring clear accountability for all system actions and their authorization.

Assured Trust, Bound AI Workloads

QHx evolves security possibilities while expanding collaboration across fragmented systems. Every process is attached to a proven identity while constantly attesting that identity through authorized connections for approved operations.

Quantum Helix for AI Workloads

Identity Established

The node first attests its posture, and then the workload’s cryptographic identity is issued as a child of that attested node.

Posture Verified

Evidence from the node and workload is checked against defined policy before the identity issuance process fully proceeds.

Policy Evaluated

Authorization decisions are made dynamically, operating on the workload’s identity, namespace, labels, and the current runtime context.

Communication Secured

A mutually authenticated and encrypted tunnel is established between the attested peer workloads.

Action Recorded

A notarized receipt of the request, response, and calling identity can be created for audit and offline verification.

Quantum Helix for AI Workloads

Available on Tradewinds

QHx has been deemed awardable by the Chief Digital and Artificial Intelligence Office (CDAO) for listing on their Tradewinds Solutions Marketplace. Government buyers can rest assured that our solution has been assessed and approved for work within federal systems. Follow the link before to find our listing.

Where QHx Makes an Impact

QHx evolves security possibilities while expanding collaboration across fragmented systems. Every process is attached to a proven identity while constantly attesting that identity through authorized connections for approved operations.

Secure Data Exchange

Fragmented control over routing, encryption, identity, and policy often leads to data stalls and brittle interoperability across disjointed defense networks, platforms, and classifications. QHx resolves this by aligning workload identity, proxy-mediated transport, Multiple Listing Service (MLS) policy, and optional request notarization. This ensures only authorized information moves with explicit control, enabling secure exchange without forcing shared trust boundaries. QHx facilitates policy-aware movement, representing classification and releasability as enforceable attributes. It also embeds evidence in the path through signed receipts for audit and maintains message-level continuity by attaching object-level policy even after live transport, ensuring data moves securely and verifiably.

Edge AI Assurance

QHx ensures AI decisions have verifiable receipts, solving the critical problem of output lacking provenance. It binds AI requests, responses, workload identity, timestamp, and execution context into reviewable evidence. This allows operators to prove precisely which workload handled a request and its response. QHx provides detailed workload attribution, recording identity, pod metadata, and image information, while linking requests and responses via identifiers. Its signRequest mode creates signed, non-repudiable evidence for offline review. These receipts preserve crucial data, even from disconnected edge models, detailing the specific model, node, inputs, and time an answer was returned, ensuring full accountability for AI operations.

Coalition Interoperability

QHx enables seamless integration of U.S., joint, and allied systems, allowing them to share information while preserving distinct authority, releasability, and local trust domains. Recognizing that coalitions require federation, not uniformity, QHx prevents partners from surrendering control or operating in isolation. It supports separate trust domains where each cluster maintains its authority while authenticating approved peers. Federated clusters can verify each other’s SVIDs through bundle exchange without a single control plane. Releasability is directly represented in MLS labels and policy mappings, ensuring information moves according to explicit identity and release constraints, rather than informal trust.

Multi-Domain Operations

QHx enables secure sharing across sensitivity boundaries, ensuring isolation when required and release when authorized, while preserving control over classification, compartment, releasability, and execution. Recognizing that static separation is costly and slow, QHx transforms classification and release context into enforceable MLS labels, admission decisions, and dynamic network isolation. Resources receive labels from principal identity and cluster policy, and workloads with different identities are automatically isolated via generated network policies. Principals can be constrained to authorized partner release sets, and object-level release ensures handling attributes accompany data leaving the workload path, providing flexible yet rigorous control.

Mission Command C2

Fragmented systems hinder effective command at the tactical edge. QHx provides a unified C4I fabric, connecting tactical edge systems, sensors, UAVs, MANETs, and satellite uplinks with command centers through robust identity, policy, and evidence. This enables commanders to sense, decide, and act decisively by linking edge workloads and command environments without compromising security boundaries. QHx ensures verified participants authenticate via cryptographic identity, not brittle shared credentials, and supports federated operations across separate clusters and authorities without collapsing trust domains. Optional Notary receipts preserve selected request and response facts, providing crucial evidence after action for review and accountability.

Denied & Degraded Communications

When data is denied, decisions are delayed, impacting mission confidence in Denied, Degraded, Intermittent, and Limited environments with intermittent links, constrained bandwidth, or unreachable central services. QHx addresses this with a durable trust model, focusing on provable security before, during, and after degraded operations. It ensures workloads receive pre-established identities and trust bundles, and enables offline verification of Notary receipts even after original credentials expire. Policy and deployment bundles carry cryptographic provenance into remote sites, and object continuity preserves data policy when messages are stored, forwarded, or delayed, ensuring trust persists despite unreliable links.

QHx Components Dedicated to Security

QHx Manager

Responsible for cluster oversight and continuously reconciles QHx policy, proxy configuration, and supporting resources to maintain desired states.

QHx PKI

From node and workload attestation, it securely issues credentials, including X.509-SVIDs, that are cryptographically bound to specific workloads.

QHx Proxy

Application traffic is securely mediated and transmitted via mutually authenticated, encrypted tunnels established between workloads.

QHx Notary

Creates persistent, verifiable records of specific workload requests and responses that can be authenticated offline.

QHx Attestor

Rigorously verifies and gates the issuance of identities using defined policy and TPM-backed platform evidence when enabled.

QHx CLI

Operators gain a direct, intuitive interface for simplified installation, inspection, and administration.

QHx Deployment

QHx leverages Kubernetes for deployment via Helm across diverse environments—on-premises, cloud, or edge. However, its sophisticated trust model goes further, binding identity and policy to individual AI workloads and nodes, offering a more granular and resilient security posture independent of the scheduler, network, or CPU architecture.

Seamless Integration

Existing HTTP and TCP services can be mediated by QHx Proxy rather than rewritten.

Assorted Compute

Containers, VMs, bare-metal nodes, and edge systems can participate through deployment-specific integration paths.

Federated Trust

Separate authorities can exchange trust bundles across trust domains.

Cryptographic Agility

Algorithms are selected through policy, including ML-DSA signatures and ML-KEM or hybrid key exchange.

Frequently Asked Questions

QHx is an adaptive security platform designed to fundamentally transform traditional security by embedding identity, policy, communication, and evidence directly into the runtime path—ensuring AI workloads and data is protected while adhering to disparate policies. It is a joint venture between Sterling, Dell Technologies, and Messier 42.

QHx employs five core components for a unified security coordinate system:
Workload Identity: SPIFFE-aligned, process-bound, continuously issued from attested nodes.
Attestation: Two-phase evidence – node attestation then workload identity issuance.
Policy: Authorization on identity, namespace, label, and runtime context.
Communication: Mutually authenticated tunnels carrying unmodified application traffic between attested workloads.
Provenance: Signed requests, response, and identity with verifiable receipts after credential expiry.

This model establishes trust through a rigorous execution flow: node attestation, workload identity issuance, posture verification, policy evaluation, and secure, mutually authenticated communication, with optional notarized recording. Trust is rooted in runtime-verified evidence, enabling workload-bound communication, identity-based policy, federated trust, cryptographic agility (including post-quantum migration), and durable, offline-verifiable provenance.

QHx Core is deployed via Helm on Kubernetes across on-premises, cloud, or edge. The security platform extends its trust model by attaching identity and policy directly to workloads and nodes, not just schedulers. It enables transparent adoption for existing services via QHx Proxy, supports heterogeneous compute environments (containers, VMs, bare-metal nodes, edge systems), facilitates federated trust across domains, and offers cryptographic agility with policy-selected algorithms, including ML-DSA and ML-KEM.

Messier 42 builds workload identity, post-quantum cryptography, and ruggedized edge compute for defense and coalition operations on untrusted networks. The team has contributed to and worked within the open-source ecosystem that underpins cloud-native security — including identity systems, supply chain security, and secure communication. Messier 42 collaborated with Sterling throughout the development of QHx, and we continue to work together when integrating and supporting QHx on client systems, ensuring mission-critical workloads are secure and trusted.

Maintained Authority Throughout Interconnected Systems

We empower teams whose systems demand secure authentication and verifiable evidence across multiple systems, various organizations, and untrusted networks. QHx enable seamless, auditable interactions in complex, federated environments where traditional trust boundaries are insufficient.